diff --git a/.github/workflows/datahub-actions-docker.yml b/.github/workflows/datahub-actions-docker.yml
index cc902ed0..791edbcd 100644
--- a/.github/workflows/datahub-actions-docker.yml
+++ b/.github/workflows/datahub-actions-docker.yml
@@ -45,8 +45,8 @@ jobs:
 run: |
 echo "Enable publish: ${{ env.ENABLE_PUBLISH != '' }}"
 echo "publish=${{ env.ENABLE_PUBLISH != '' }}" >> "$GITHUB_OUTPUT"
- push_to_registries:
- name: Build and Push Docker Image to DockerHub
+ regular_image:
+ name: Build & Push Image to DockerHub
 runs-on: ubuntu-latest
 if: ${{ needs.setup.outputs.publish == 'true' }}
 needs: setup
@@ -70,25 +70,42 @@ jobs:
 with:
 username: ${{ secrets.ACRYL_DOCKER_USERNAME }}
 password: ${{ secrets.ACRYL_DOCKER_PASSWORD }}
- - name: Build and Push Image
+ - name: Build & Push Image
 uses: docker/build-push-action@v6
 with:
 file: ./docker/datahub-actions/Dockerfile
 platforms: linux/amd64,linux/arm64
 tags: ${{ steps.docker_meta.outputs.tags }}
 push: ${{ needs.setup.outputs.publish == 'true' }}
- build-args:
+ target: final
+ build-args:
 "GEM_FURY_TOKEN=${{ secrets.GEMFURY_PULL_TOKEN }}"
- - name: Docker meta command separated
- id: docker_meta_comma_sep
+ slim_image:
+ name: Build & Push Image to DockerHub (slim)
+ runs-on: ubuntu-latest
+ if: ${{ needs.setup.outputs.publish == 'true' }}
+ needs: setup
+ steps:
+ - name: Check out the repo (slim)
+ uses: actions/checkout@v3
+ - name: Docker meta (slim)
+ id: docker_meta
 uses: crazy-max/ghaction-docker-meta@v1
 with:
 images: |
 acryldata/datahub-actions
 tag-custom: ${{ needs.setup.outputs.tag }}
 tag-custom-only: true
- sep-tags: ','
- - name: Docker meta
+ - name: Set up QEMU (slim)
+ uses: docker/setup-qemu-action@v2
+ - name: Set up Docker Buildx (slim)
+ uses: docker/setup-buildx-action@v2
+ - name: Login to DockerHub (slim)
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.ACRYL_DOCKER_USERNAME }}
+ password: ${{ secrets.ACRYL_DOCKER_PASSWORD }}
+ - name: Docker meta (slim)
 id: docker_meta_slim
 uses: crazy-max/ghaction-docker-meta@v1
 with:
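Review bot: The new `slim_image` job references every action by a mutable tag (`actions/checkout@v3`, `crazy-max/ghaction-docker-meta@v1`, `docker/setup-qemu-action@v2`, `docker/setup-buildx-action@v2`, `docker/login-action@v2`) while the same job logs in with `ACRYL_DOCKER_PASSWORD`, so whatever a tag points to at run time executes next to the registry credentials. Pinning each one to a reviewed commit, e.g. `uses: docker/login-action@<full-commit-sha>  # v2`, removes that dependency on tag integrity. The job also shows no `permissions:` key; unless the workflow sets one at the top (not visible here), adding `permissions:` with `contents: read` keeps the job token minimal. Separately, the first `Docker meta (slim)` step (`id: docker_meta`, image `acryldata/datahub-actions`) looks like a leftover, since the slim build step in the next hunk reads only `steps.docker_meta_slim.outputs.tags`. The job's step list continues past the end of this hunk.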
@@ -96,19 +113,17 @@ jobs:
 acryldata/datahub-actions-slim
 tag-custom: ${{ needs.setup.outputs.tag }}
 tag-custom-only: true
- - name: Actions Docker Tag
- id: action_tag
- run: echo "tag=$(cut -d',' -f1 <<<'${{ steps.docker_meta_comma_sep.outputs.tags }}')" >> "$GITHUB_OUTPUT"
- - name: Build and Push Image (slim)
+ - name: Build & Push Image (slim)
 uses: docker/build-push-action@v6
 with:
 file: ./docker/datahub-actions/Dockerfile
 platforms: linux/amd64,linux/arm64
 tags: ${{ steps.docker_meta_slim.outputs.tags }}
 push: ${{ needs.setup.outputs.publish == 'true' }}
+ target: final
 build-args: |
 "APP_ENV=prod-slim"
- "DOCKER_BASE_IMAGE=${{ steps.action_tag.outputs.tag }}"
+ "GEM_FURY_TOKEN=${{ secrets.GEMFURY_PULL_TOKEN }}"
 # image_scan:
 # permissions:
 # contents: read # for actions/checkout to fetch code
@@ -116,7 +131,7 @@ jobs:
 # actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
 # name: "[Monitoring] Scan action images for vulnerabilities"
 # runs-on: ubuntu-latest
- # needs: [setup, push_to_registries]
+ # needs: [setup, slim_image]
 # steps:
 # - name: Checkout # adding checkout step just to make trivy upload happy
 # uses: actions/checkout@v3
@@ -148,7 +163,7 @@ jobs:
 actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
 name: "[Monitoring] Scan slim action images for vulnerabilities"
 runs-on: ubuntu-latest
- needs: [setup, push_to_registries]
+ needs: [setup, slim_image]
 steps:
 - name: Checkout # adding checkout step just to make trivy upload happy
 uses: actions/checkout@v3
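Review bot: The added `"GEM_FURY_TOKEN=${{ secrets.GEMFURY_PULL_TOKEN }}"` entry under `build-args` in the slim build step (first hunk on this line) passes a pull token through a channel that is not secret: build arguments can end up in the image history of the pushed `acryldata/datahub-actions-slim` image, depending on which stage of the Dockerfile (not visible here) consumes the `ARG`. The regular image build in the previous hunk already carries the same build-arg. `docker/build-push-action` has a `secrets` input for this case, `secrets: |` followed by `"GEM_FURY_TOKEN=${{ secrets.GEMFURY_PULL_TOKEN }}"`, with the Dockerfile reading it through `RUN --mount=type=secret,id=GEM_FURY_TOKEN` instead of `ARG`. If the build-arg has to stay, a comment such as `# token is consumed only in a non-final stage; verify with docker history on the pushed image` would at least record the assumption the publish relies on.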